which means we can now:
- set up one or more mirrors
- set up registries certificates
- skip TLS verify
- use plain HTTP
using the same set of flags that are defined for the executor
The upstream of github.com/genuinetools/amicontained switched to the
container runtime detection via github.com/genuinetools/bpfd/proc,
which supports a larger range of container runtimes. With this change
(among others) Podman can be detected correctly.
Fixes#1501.
Fixes#1473
The initial implementation of the registry mirror only allowed a single mirror, and if pulling from the mirror failed, the build would fail.
This change introduces:
- multiple registry mirrors instead of a single one
- fallback if an image can't be pulled from a registry
This is the same behavior as the docker daemon and will allow using a registry mirror such as `mirror.gcr.io` which is incomplete and doesn't have all the content that the default registry on docker.io has.
Note that there are no changes in the CLI flags, the `--registry-mirror` flag is still valid. But now it can be used multiple times to set up more than one registry mirror.
Co-authored-by: Tejal Desai <tejaldesai@google.com>
In the context of Docker Hub ratelimit, registry mirror has been applied
more and more. It's very unfortunate that kaniko doesn't take the same
form as docker/containerd. The registry mirror shouldn't have scheme
like `https://` included. This is not explicitly described in the doc.
This is extenion of current code to build s390x version of kaniko
executor image and add it to multi-arch manifest
Signed-off-by: Yulia Gaponenko <yulia.gaponenko1@de.ibm.com>
* Extend .dockerignore integration test with copies in later stages
.dockerignore should continue to apply when copying from the build context in later stages, but it currently doesn't
* Replace excluded global with passed along FileContext struct
This new FileContext struct allows much cleaner handling of context specific file exclusions.
The global excluded file state is no longer needed.
Additionally this also fixes the issue where excluded files aren't being applied for build context copies in later build stages.
Cached COPY layers are expensive in that they both need to be retrieved
over the network and occupy space in the layer cache.
They are unnecessary in that we already have all resources needed to
execute the COPY locally, and doing so is a trivial file-system
operation. This is in contrast to RUN layers, which can do
arbitrary and unbounded work.
The end result is that cached COPY commands were more expensive when
cached, not less. Remove them.
Resolves#1357
* Allow DOCKER_CONFIG to be a filename
* UnitTest: DockerConfLocation must return a file if it is existent and passed using env, or default if the file is incorrect
* Add support for Vagrant
Use the Vagrantfile to create a workable test machine in a few minutes
to run the unit and most of the integration tests on non-Linux systems.
* Vagrant: install jq and crane to help debugging
Hi there,
The preferred spelling seems to be all lowercase: I fixed those with uppercase K.
(Sorry for this modest intial contribution ;-) but I hope to come back with more..
Didier
This allows those using Kaniko as a library to add ignored dirs and
files without needs to modify /proc/self/mountinfo or doing other
strange things with mount -t tmpfs
bahetiamit
Matt Moore
Tejal Desai
Vincent Behar
Fabrice
Severin Strobl
Lars
Lars Toenning
Sladyn
mickkael
zhouhaibing089
Shashank
Yulia Gaponenko
ejose19
Chris Mellard
Sladyn
Tinjo Schöni
Ian Kerins
好风
Akram Ben Aissi
Josh Soref
Martin Treusch von Buttlar
Didier Durand
Tejal Desai
Thomas Stromberg
Joe Kutner
Keisuke Umegaki